package com.webserver.controller;

import com.webserver.annoations.Controller;
import com.webserver.annoations.RequestMapping;
import com.webserver.entity.User;
import com.webserver.http.HttpServletRequest;
import com.webserver.http.HttpServletResponse;
import com.webserver.util.DBUtil;

import java.io.*;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * 当前类用于处理与用户相关操作
 */
@Controller
public class UserController {
    private static File userDir;//用来表示存放所有用户信息的目录
    static {
        userDir = new File("./users");
        if(!userDir.exists()){
            userDir.mkdirs();
        }
    }

    @RequestMapping("/loginUser")
    public void login(HttpServletRequest request, HttpServletResponse response){
        System.out.println("开始处理登录!!!");
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        System.out.println(username+","+password);
        //必要的验证工作
        if(username==null||username.trim().isEmpty()||
                password==null||password.trim().isEmpty()){
            response.sendRedirect("login_info_error.html");
            return;
        }

        try (
             Connection connection = DBUtil.getConnection();
        ){
            /*
                SQL注入攻击:
                如果密码输入如下:
                ' OR '1'='1

                下面SQL语句拼接密码后得到的内容改变了SQL语义
                SELECT *
                FROM userinfo
                WHERE username='ahjkhsdfj'
                AND password='' OR '1'='1'
             */
            Statement state = connection.createStatement();
            String sql = "SELECT id,username,password,nickname,age " +
                         "FROM userinfo " +
                         "WHERE username='"+username+"' " +
                         "AND password='"+password+"' ";
            ResultSet rs = state.executeQuery(sql);

            if(rs.next()){//结果集中如果查询出来一条记录
                response.sendRedirect("/login_success.html");
            }else{
                response.sendRedirect("/login_fail.html");
            }


        } catch (SQLException e) {
            e.printStackTrace();
        }


    }

    @RequestMapping("/regUser")
    public void reg(HttpServletRequest request, HttpServletResponse response){
        System.out.println("开始处理用户注册!!!");
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        String nickname = request.getParameter("nickname");
        String ageStr = request.getParameter("age");
        System.out.println(username+","+password+","+nickname+","+ageStr);
        if(username==null||username.trim().isEmpty()||
           password==null||password.trim().isEmpty()||
           nickname==null||nickname.trim().isEmpty()||
           ageStr==null||ageStr.trim().isEmpty()||
           !ageStr.matches("[0-9]+")
        ){
            //信息输入有误提示页面
            response.sendRedirect("/reg_info_error.html");
            return;
        }

        System.out.println(username+","+password+","+nickname+","+ageStr);
        int age = Integer.parseInt(ageStr);

        //2将该用户插入到userinfo表中
        try (
                Connection connection = DBUtil.getConnection();
        ){
            Statement state = connection.createStatement();
            String sql = "INSERT INTO userinfo " +
                         "(username,password,nickname,age) " +
                         "VALUES " +
//                       "('','','',12)";
                         "('"+username+"','"+password+"','"+nickname+"',"+age+")";
            System.out.println(sql);
            int count = state.executeUpdate(sql);
            if(count>0){//插入成功
                response.sendRedirect("/reg_success.html");
            }

        } catch (SQLException e) {
            e.printStackTrace();
        }


    }
}
